package org.jaronsource.framework.plugins.security.web.taglib;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import org.apache.commons.lang.StringUtils;
import org.jaronsource.framework.plugins.security.SecurityTokenHolder;
import org.jaronsource.framework.plugins.security.SecurityUtils;
import org.jaronsource.framework.plugins.security.domain.SecurityToken;

public class NoAnyPermTag extends TagSupport {

	private static final long serialVersionUID = 2314845771987747293L;

	private String permCodes;

	public String getPermCodes() {
		return permCodes;
	}

	public void setPermCodes( String permCodes ) {
		this.permCodes = permCodes;
	}

	@Override
	public int doStartTag() throws JspException {
		SecurityToken token = SecurityTokenHolder.getSecurityToken();
		if ( token == null ) { return EVAL_BODY_INCLUDE; }

		boolean noPerm = true;

		String[] permCodeAarry = StringUtils.split( permCodes, "," );
		for ( String permCode : permCodeAarry ) {
			noPerm = !SecurityUtils.hasPerm( token, permCode.trim() );
			if (!noPerm) break;
		}

		return noPerm ? EVAL_BODY_INCLUDE : SKIP_BODY;
	}
}
